23 Charged in Card Fraud Scheme

Federal authorities in New York have charged 23 individuals for the roles they allegedly played in a counterfeit card scheme that compromised more than 1,000 payment cards used to make more than $2 million worth of unauthorized retail purchases in several states.

Between June and December, the 23 defendants and their co-conspirators allegedly acquired stolen credit and debit card details through network attacks and underground forums, according to a Dec. 10 statement issued by the U.S. Attorney for the Southern District of New York. The group then created counterfeit cards encoded with the stolen details as well as the names of certain co-conspirators, who were called "shoppers," authorities say.

Some members of the group acted as "drivers" who coordinated teams of shoppers and took them to retail stores in several states, including Texas, North Carolina, Virginia, Pennsylvania and New Jersey, prosecutors say. Then the shoppers, who were each given dozens of counterfeit cards, fraudulently purchased gift cards, electronics, cosmetics, clothing and other merchandise.

To convert these items to cash, the defendants transported goods to New York and California, where they were sold to other co-conspirators who, in turn, sold the items or had others exchange them for refunds, authorities claim.

Masterminds Hard to Stop

Financial fraud expert Shirley Inscoe, an analyst for the consultancy Aite, says that while these indictments have likely put a significant dent in this nearly seven-month scheme, they aren't likely to impact the masterminds behind the job.

"Unfortunately, in most of these cases, the only people who get caught are the mules or runners who are actually performing the transactions," she says. "The kingpin who organizes the ring's activities behind the scenes usually escapes, to do it again after the activity surrounding the case dies down."

But the cooperation between retailers and law enforcement that ultimately resulted in this takedown is significant, she adds. "I know these fraudsters hit the area where I live [in North Carolina] pretty hard recently, predominantly buying gift cards at various retailers," Inscoe says. "The retailers all worked with law enforcement, and I suspect that helped solve the case fairly quickly."

John Buzzard, who oversees FICO's Card Alert Service, says complex schemes such as this are difficult for law enforcement and prosecutors to piece together.

"Bringing a case like this to trial requires a tremendously coordinated effort," he says. "You could break a case wide open just by arresting the right mule who just happened to have a stack of counterfeited cards in his possession that linked him back to a much larger pool of fraud. But you still have to perform link analysis and prove that all of the players are somehow related to a singular crime machine, so you end up needing the expertise of law enforcement, retailers and fraud investigators to carry this off successfully."

In this case, the Secret Service worked with the Drug Enforcement Administration to arrest 19 defendants in Queens, N.Y., and one in Los Angeles. One other defendant was already in custody in New York. Two remaining defendants are still at large, investigators say.

Each defendant now faces charges of conspiracy to commit access device fraud, which carries a maximum penalty of seven-and-a-half years in prison, and aggravated identity theft, which carries a mandatory sentence of two years.

Similar Scheme

A similar nationwide card and retail scheme dating back to 2011, known as Operation Black Rain, also was prosecuted in New York.

That scheme involved waiters at high-end restaurants hired to skim patrons' credit-card data. Then counterfeit credit cards were created with the stolen data and used to make fraudulent purchases from high-end retailers. That merchandise was then sold for 50 percent of the retail value. In all, 29 defendants were indicted.

Retailers need to use analytics to detect these types of attacks sooner, experts advise. "There are also many retailers out there who maintain shopper profile databases that track the purchase and return habits of shoppers so that they can identify organized groups who might be targeting their operations," Buzzard says. "This is especially beneficial when multiple jurisdictions and synthetic identities are in play."

About the Author

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.